The General Data Protection Regulation (GDPR) came into effect on May 25, 2018. It means that any European Union (EU) organization that stores personal data, and any organization that does business in the EU, must follow its rules or face major fines. A data breach that is the result of noncompliance could cost a company fines of up to €20 million (about $24.5 million) or 4% of global annual revenue for the previous financial year, whichever is higher.
Since GDPR went into effect a year ago, European privacy authorities have received nearly 65,000 data breach notifications, and regulators in 11 European countries have imposed $63 million in fines. One of the biggest fines was announced in January, when France's data protection authority announced that it will fine Google $57 million (€50 million) for failing to comply with GDPR. CNIL, the French regulatory body, claimed that Google had failed to comply with GDPR when new Android users set up a new phone and follow Android's onboarding process.
The increase in data breach notifications does not mean that breaches are occurring more or less frequently, says Brian Honan, who leads Dublin-based information security consultancy BH Consulting. Rather, more breaches are simply being brought to light thanks to GDPR's mandatory breach notifications, so there is greater awareness of them. Paul Chichester, operations director at Britain's National Cyber Security Centre, says, "People are much more interested in preparing for breaches, and we have seen people preparing for what they want to do after a breach."
According to Microsoft's blog, there has also been an improvement in how companies handle their customers' personal data. Companies that collect and process personal information for people living in the EU have adapted, putting new systems and processes in place to ensure that individuals understand what data is collected about them, can correct it if it is inaccurate, and can delete it or move it somewhere else if they choose. Since GDPR came into effect, many countries around the globe, including Brazil, China, India, Japan, South Korea and Thailand, are looking at implementing similar regulations. Canada also introduced tougher privacy regulations in November of last year when it strengthened its PIPEDA regulations.
GDPR has become the driving force behind the global movement to modernize privacy laws. People around the world have a growing expectation that everyone should benefit from digital technology without losing control of their personal information. What this means for organizations around the world is that consumer data privacy is a must. Organizations can no longer pay lip service to their own data security, or to that of their partners. In addition, organizations need to be prepared in the event of a breach and have a plan for how they will respond: not just a response for the press, but a timely response to the various governing bodies.
To ensure your organization is ready to respond to a privacy breach, contact Uzado about Breach Readiness as a Service (BRaaS) today!